Pentest report on Helpdesk

Executive Summary: Helpdesk is a Windows 2008 Standard server which hosts the ManageEngine ServiceDesk Plus (SDP) 7.6 web application. This ManageEngine SDP version suffers from multiple vulnerabilities; amongst them, we used two exploits.
SQL injection - We are able to read proof.txt from C:\Users\Administrator\Desktop\
Arbitrary file upload - We uploaded a malicious reverse shell Java WAR …

Pentest report on Nickel

Executive Summary: We are able to obtain the first success criterion (local.txt) and the second success criterion (proof.txt) due to the simple, crackable passwords of the username ariah. During the penetration testing we obtained two passwords related to the username ariah: one is for FTP/SSH login, the other is for the FileZilla FTP server administration login. …

Pentest report on livda

Executive summary: This section summarizes how I can gain an initial foothold, up to privilege escalation. The pentest of livda reveals a password disclosure flaw when doing a directory listing with the account admin on the FTP server. This is possible because zFtpserver has an easily guessed credential - admin:admin. By logging in to livda as admin …

Metasploit: Gaining remote access to Windows XP

The target system is an old Windows XP system that has no service pack. The exploit used is dcom ms03_026. An exploit is like a backdoor found within a program bug. Usually this bug is a buffer overflow, which causes a register to be overwritten; the overwritten register is loaded with the payload you select. …